GitHub user prabhjyotsingh reopened a pull request:
https://github.com/apache/zeppelin/pull/1554
[ZEPPELIN-1320] Run zeppelin interpreter process as web front end user
Have recreated this from https://github.com/apache/zeppelin/pull/1322
### What is this PR for?
While running a Notebook using shell, spark, python uses same user as which
zeppelin server is running. Which means these interprets have same permission
on file system as zeppelin server.
IMO users should be able to impersonate themselves as a complete security
system.
### What type of PR is it?
[Improvement]
### Todos
- [x] - Update doc
- [x] - FIX NPEs
- [x] - FIX CI
### What is the Jira issue?
- [ZEPPELIN-1320](https://issues.apache.org/jira/browse/ZEPPELIN-1320)
### How should this be tested?
- Enable shiro auth in shiro.ini
- Add ssh key for the same user you want to try and impersonate (say user1).
```
adduser user1
ssh-keygen
ssh user1@localhost mkdir -p .ssh
cat ~/.ssh/id_rsa.pub | ssh user1@localhost 'cat >> .ssh/authorized_keys'
```
- Start zeppelin server, try and run following in paragraph in a notebook
- Go to interpreter setting page, and enable "User Impersonate" in any of
the interpreter (in my example its shell interpreter)
```
%sh
whoami
```
Check that it should run as new user, i.e. "user1"
### Screenshots (if appropriate)
### Questions:
- Does the licenses files need update? no
- Is there breaking changes for older versions? no
- Does this needs documentation? yes
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1320-2
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/1554.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1554
----
commit aff1bf0645785102bff90e99150d40d8bbc2f03d
Author: Prabhjyot Singh <[email protected]>
Date: 2016-10-23T07:46:59Z
user should have option to run these interpreters as different user.
commit dd0731d540175cef0de5bb63ad7a4a11db024600
Author: Prabhjyot Singh <[email protected]>
Date: 2016-10-23T07:57:14Z
fix missing test cases
commit 0ff80ec987b803e40967a626cdb1b13e0caa0507
Author: Prabhjyot Singh <[email protected]>
Date: 2016-10-28T05:48:38Z
Merge remote-tracking branch 'origin/master' into ZEPPELIN-1320-2
commit 03b2f203e807ecf10bd37a998224c100a5ded557
Author: Prabhjyot Singh <[email protected]>
Date: 2016-10-31T05:27:20Z
use user instead of ""
commit 02c308423a28bdc0e5e598cfde8e089591c31172
Author: Prabhjyot Singh <[email protected]>
Date: 2016-11-10T03:53:54Z
Merge remote-tracking branch 'origin/master' into ZEPPELIN-1320-2
commit 5a76839750f544a59b034947dbf78e5449f93c87
Author: Prabhjyot Singh <[email protected]>
Date: 2016-11-10T06:29:22Z
show User Impersonate only when interpreter setting is "per user" and
"isolated"
commit 1b26cc09c8da9f1219296454fa9e12ecd8558dfd
Author: Prabhjyot Singh <[email protected]>
Date: 2016-11-14T09:32:04Z
add doc
commit dc69c9d2d3c520d4a0d354373f451ad66f9c8435
Author: Prabhjyot Singh <[email protected]>
Date: 2016-11-16T08:08:43Z
@Leemoonsoo review comment: making ZEPPELIN_SSH_COMMAND configurable
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
